Minim and CommScope have come forward with interim fixes for "Cable Haunt," a recently discovered vulnerability that threatens tens of millions of cable modems powered by certain Broadcom chipsets equipped with a built-in spectrum analyzer.
Discovered by a group of Danish researchers, the Cable Haunt vulnerability is exploitable via a malicious web page script that can be loaded unknowingly and enable a bad actor to take control of a modem to intercept private messages, redirect traffic or join a botnet.
The Lyrebirds researchers questioned whether applying the Cable Haunt moniker to the vulnerability was warranted, but ultimately figured it made sense to 'go big and branded' with the findings, given the potential scope of the issue.
"The specific vulnerability is abusing an interface that technicians can use to check the quality of the signal to your service provider," Sam Stelfox, senior security engineer at Minim and the developer behind the company's virtual patch for Cable Haunt, explained in this blog post.
Minim's patch blocks Cable Haunt exploit attempts for cable modems and routers on its network. The company noted that tracking the spread of Cable Haunt has been difficult because it appears the vulnerability originated in reference software that has seemingly been copied by different cable modem makers when creating their firmware.
CommScope, which acquired Arris last year, posted a security advisory about Cable Haunt on January 17 that highlights affected product models. CommScope's initial suggested method for neutralizing Cable Haunt is to direct existing DOCSIS filters to block access to the RF Spectrum Analyzer, whose interface operates on an HTTP server running on port 8080.
"In the interim, CommScope is reviewing plans for firmware upgrades to eliminate this vulnerability which will allow access to the Spectrum Analyzer to be restored," CommScope added.
More details about Cable Haunt
As explained in this post by cable industry veteran Brady Volpe, the Full Band Capture analyzer in Broadcom chips is typically used for proactive network maintenance applications to identify downstream impairments in customer homes remotely and without the need for an on-site technician. He adds that, in most cases, a password isn't required to open and view the analyzer when connected to the cable modem (even when connected via WiFi), which could allow for the insertion of malicious code.
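To check from inside a home network whether the analyzer port CommScope describes is still reachable, and whether it answers without credentials as Volpe notes, the following added example (not code from CommScope, Minim or the researchers) classifies how the port responds. The port 8080 default comes from the advisory as reported above; the function name, the 192.168.100.1 address and the treatment of 401/403 as "authentication required" are assumptions.

```python
import http.client
import socket
import sys


def analyzer_exposure(host, port=8080, timeout=3.0):
    """Classify how the analyzer's HTTP port answers from this vantage point.

    Returns one of: "filtered", "closed", "unreachable", "open-non-http",
    "open-auth-required", "open-no-auth".
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/")
        status = conn.getresponse().status
    except socket.timeout:
        return "filtered"        # no reply in time, e.g. dropped by a filter
    except ConnectionRefusedError:
        return "closed"          # nothing listening, or a filter sent a reset
    except http.client.HTTPException:
        return "open-non-http"   # port answers, but not with valid HTTP
    except OSError:
        return "unreachable"     # no route to host, network down, etc.
    finally:
        conn.close()
    if status in (401, 403):
        return "open-auth-required"
    return "open-no-auth"        # served without credentials


if __name__ == "__main__":
    # Assumption: 192.168.100.1 is a common cable modem management address;
    # pass your own modem's address as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.168.100.1"
    result = analyzer_exposure(target)
    print(f"{target}:8080 -> {result}")
    # Non-zero exit when the port still answers, so the check can gate a script.
    sys.exit(0 if result in ("filtered", "closed", "unreachable") else 1)
```

A result of "filtered" or "closed" is what an operator-side filter on port 8080 should produce; any "open-" result means the interface is still reachable from the LAN side being tested.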
The Lyrebirds researchers who discovered this vulnerability believe that a bad actor could carry out a range of malicious actions, including changing the default DNS server, uploading and updating firmware, disabling firmware upgrades, changing configuration files and settings, changing serial numbers and enlisting devices in botnets.
"Any of the above exploits by themselves is extremely dangerous to a cable network," wrote Volpe, the president and founder of The Volpe Firm and NimbleThis, which provides tech consulting services to cable operators and telecom operators and suppliers worldwide. "They enable everything from denying subscribers access to the services they pay for to completely taking down the DOCSIS network by bricking modems. Even worse, they can turn every modem into a bot that will create a massive denial of service attack on another company, such as what happened to Imperva in 2019 or Github in 2018."
The bad news is that clicking on a bad link or opening a bad file could wreak havoc on vulnerable modems. The good news so far is that "there are no known exploits in the wild," Volpe noted, though he warned that it's likely only a matter of time before someone tries to exploit the vulnerability.
"I believe that Cable Haunt and the work exposed through Cable Haunt will forever change the security of cable modems," he concluded.